本文為您提供指定的IP地址訪問OSS的參考示例。
- 以下策略表示:在
Allow授權中增加IP限制,允許通過192.168.0.0/16和172.16.0.0/12兩個IP地址來讀取myphotos中的信息。{ "Version": "1", "Statement": [ { "Effect": "Allow", "Action": [ "oss:ListBuckets", "oss:GetBucketStat", "oss:GetBucketInfo", "oss:GetBucketTagging", "oss:GetBucketAcl" ], "Resource": [ "acs:oss:*:*:*" ] }, { "Effect": "Allow", "Action": [ "oss:ListObjects", "oss:GetObject" ], "Resource": [ "acs:oss:*:*:myphotos", "acs:oss:*:*:myphotos/*" ], "Condition":{ "IpAddress": { "acs:SourceIp": ["192.168.0.0/16", "172.16.0.0/12"] } } } ] } - 以下策略表示:在
Deny授權中增加IP限制,如果源IP地址不是192.168.0.0/16,則禁止對OSS執行任何操作。說明 權限策略的鑒權規則是Deny優先,所以訪問者從192.168.0.0/16以外的IP地址訪問myphotos中的內容時,OSS會提示沒有權限。{ "Version": "1", "Statement": [ { "Effect": "Allow", "Action": [ "oss:ListBuckets", "oss:GetBucketStat", "oss:GetBucketInfo", "oss:GetBucketTagging", "oss:GetBucketAcl" ], "Resource": [ "acs:oss:*:*:*" ] }, { "Effect": "Allow", "Action": [ "oss:ListObjects", "oss:GetObject" ], "Resource": [ "acs:oss:*:*:myphotos", "acs:oss:*:*:myphotos/*" ] }, { "Effect": "Deny", "Action": "oss:*", "Resource": [ "acs:oss:*:*:*" ], "Condition":{ "NotIpAddress": { "acs:SourceIp": ["192.168.0.0/16"] } } } ] }